git.ipfire.org Git - thirdparty/rspamd.git/commit

author	Vsevolod Stakhov <vsevolod@rspamd.com>
	Fri, 3 Oct 2025 14:43:27 +0000 (15:43 +0100)
committer	Vsevolod Stakhov <vsevolod@rspamd.com>
	Fri, 3 Oct 2025 14:43:27 +0000 (15:43 +0100)
commit	64fc71440b1ba602aabfb8c956f56c861d82a35b
tree	9489633825ae2db5b8995b5bf0a7e5e791c6fce0	tree \| snapshot
parent	8ef197015384e8ede0e34817237958e6c8700ae7	commit \| diff

[Feature] Add symbol categories for MetaDefender and VirusTotal

Implemented a category-based symbol system for hash lookup antivirus
scanners (MetaDefender and VirusTotal) to replace dynamic scoring:

- Added 4 symbol categories: CLEAN (-0.5), LOW (2.0), MEDIUM (5.0), HIGH (8.0)
- Replaced full_score_engines with threshold-based categorization (low_category, medium_category)
- Fixed symbol registration in antivirus.lua to use rule instead of config
- Updated cache format to preserve symbol category across requests
- Added backward compatibility for old cache format
- Added symbols registration and metric score assignment
- Updated configuration documentation with examples

The new system provides:
- Clear threat categorization instead of linear interpolation
- Proper symbol weights applied automatically
- Consistent behavior between MetaDefender and VirusTotal
- Cache that preserves symbol categories

Configuration example:
metadefender {
  apikey = "KEY";
  type = "metadefender";
  minimum_engines = 3;
  low_category = 5;
  medium_category = 10;
}

conf/local.d/antivirus.conf.example		diff \| blob \| blame \| history
conf/modules.d/antivirus.conf		diff \| blob \| blame \| history
lualib/lua_scanners/common.lua		diff \| blob \| blame \| history
lualib/lua_scanners/metadefender.lua		diff \| blob \| blame \| history
lualib/lua_scanners/virustotal.lua		diff \| blob \| blame \| history
src/plugins/lua/antivirus.lua		diff \| blob \| blame \| history